This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4605519975554160564== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="DhLJPoSUuREWt9Xfs7RbmlVUNRqOBka2C"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --DhLJPoSUuREWt9Xfs7RbmlVUNRqOBka2C Content-Type: multipart/mixed; boundary="00ObhqMMJXUtvXIMWuohrOAvH6au6HD5P" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <108fd896-c6c6-218e-3dc3-81c5ffec0400@canonical.com> Subject: [USN-3096-1] NTP vulnerabilities
--00ObhqMMJXUtvXIMWuohrOAvH6au6HD5P Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3096-1 October 05, 2016
ntp vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in NTP.
Software Description: - ntp: Network Time Protocol daemon and utility programs
Details:
Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973)
Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. (CVE-2015-7974)
Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. An attacker could possibly use this issue to cause ntpq to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7975)
Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled dangerous characters in filenames. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976)
Stephen Gray discovered that NTP incorrectly handled large restrict lists. An attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7977, CVE-2015-7978)
Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2015-7979)
Jonathan Gardner discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138)
Jonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. An attacker could possibly use this issue to cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158)
It was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727)
Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1547)
Miroslav Lichvar and Jonathan Gardner discovered that NTP incorrectly handled switching to interleaved symmetric mode. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548)
Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. A remote attacker could possibly use this issue to recover the message digest key. (CVE-2016-1550)
Yihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. An authenticated remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2516)
Yihan Lian discovered that NTP incorrectly handled certail peer associations. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2016-2518)
Jakub Prokes discovered that NTP incorrectly handled certain spoofed packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4954)
Miroslav Lichvar discovered that NTP incorrectly handled certain packets when autokey is enabled. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4955)
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed broadcast packets. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4956)
In the default installation, attackers would be isolated by the NTP AppArmor profile.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.3
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.11
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3096-1 CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158, CVE-2016-0727, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2516, CVE-2016-2518, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956
Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.3 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.11
--00ObhqMMJXUtvXIMWuohrOAvH6au6HD5P--
--DhLJPoSUuREWt9Xfs7RbmlVUNRqOBka2C Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJX9Uh+AAoJEGVp2FWnRL6Tw9gP/0XbUIZnMIWxD8UrENjQCvZ5 rh9YNT+6sCYGsV7tb3IEZAH2inE5SaLFvnTAfMjIiTN1fobBFHX/3327XG844iPH 17qU2Y5ItFKPG0HDrsW0ttwcxC+v27QIy7tgvoOkiIYVuxWpF0Kv73oa8DmOmTo6 4iHG6cCTTgp+z+d0aM3OQpKrCzkYIOqBJGj4ltrYBHmRMus4zW0K1GeID3OkdH9S mAdrgUTIkvjbj98cjbl3JK/nrZnds2hMnmVs/b4Q7SRaAMPNs4n9hQ3gXAaPCEeq rnsOLI9ZaPeAyvquR3YBUDrXnrYdPczkrXJAJBYxqcMoTRG0AwkoF2IhltjVBfWr 1szXikc54EJDujP+NvigfBBpHBkeQfVpQIM1H6uauOFeR/vjaxz/M1qKxLH804P2 n7C0sD9JWgMx8LcT2lVbcGmFtUT+o+Ct+Lay1h2E/UqOE5A698wKIllS8PKScc+Z u79hnr7D8H3h0AgF+e1ngq9Amhp01BM3NoeII9G4m4TW+OjDqODvN+cjDyyRdfh2 bfrFESUHslpcBjcNm92yts2m63h2NJQzYmF1JmxXm0Hek472vFugRdWKRBmd65lA RDNm0bofJkpJV7W4ZZ5Jx2MuwPik4pas4yHqo5MLhAyXGysJu+gL+0uENMcvhIoV AWZghmR9w4AkySQcB/vA =t8eV -----END PGP SIGNATURE-----
--DhLJPoSUuREWt9Xfs7RbmlVUNRqOBka2C--
--===============4605519975554160564== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4605519975554160564==--
|